Slashdot Mirror


The Unlikely Effort To Build a Clandestine Cell Phone Network

Lashdots writes: Electronic surveillance has raised concerns among Americans and pushed an estimated 30% of them to protect their privacy in some form. Artist Curtis Wallen has taken that effort to dramatic lengths, documenting how to create a "clandestine communications network" using pre-paid phones, Tor, Twitter, and encryption. The approach, which attempts to conceal any encryption that could raise suspicions, is "very passive" says Wallen, so "there's hardly any trace that an interaction even happened." This is not easy, of course. In fact, as he discovered while researching faulty CIA security practices, it's really, comically hard. "If the CIA can't even keep from getting betrayed by their cell phones, what chance do we have?" he says. Still, he believes his system could theoretically keep users' activities hidden, and while it's hard, it's not impossible.

42 comments

  1. Need a new approach by Anonymous Coward · · Score: 0

    So, your new identity was provided by the government which makes you stick out like a sore thumb. Even if it wasn't, anyone using a dead person's name, or appearing in multiple locations will raise a red flag. If you use the identity in multiple locations the cell phone would be associated with the identity through correlation of metadata. Burner phones would be a big red flag anyway. Encryption can be broken, it just takes a certain dollar amount of hardware that academic researchers don't have, thus the flaws are hidden from common folk. Further, the call is recorded verbatim by an orbital 'big ear' and analysed by a computer that is smarter than you. TOR does not hide shit, it makes you stick out, there is global visibility, compromised nodes and full takes that can be rewound. Faraday cages work by impedance mismatch, modern transmitters used in espionage adjust for this and can pass right through them.

    This is the era of big data...there is no hiding in a haystack. They'd have you in under 30 mins, probably instantly.

    In such a world, it is better to be overt, really over, James Bond levels of being overt. Scream it from the roof tops. The tech becomes redundant, as does the people who use it.

    1. Re:Need a new approach by postbigbang · · Score: 1

      Go ahead. Click the link. Get your IP address registered NOW! Oh, wait....

      --
      ---- Teach Peace. It's Cheaper Than War.
    2. Re: Need a new approach by Anonymous Coward · · Score: 0

      get education before emitting stupidness

    3. Re:Need a new approach by Anonymous Coward · · Score: 0

      Faraday cages work by impedance mismatch, modern transmitters used in espionage adjust for this and can pass right through them.

      What the f*ck? Faraday cages work by Gauss's Law, as any first year college physics student knows. Provide a link that proves any transmitter can get through a closed spherical (symmetrical) conductor surface.

  2. Voice Print by Anonymous Coward · · Score: 0

    You have used Siri or Google Now or Google Voice or Cortana, haven't you? Also, TOR and then Twitter? Let's be generous and call it "art".

  3. no point by Anonymous Coward · · Score: 1

    Hard and impossible are the same in this case.

    If you want it enough to do the hard, you've probably already attracted the kind of interest to make it impossible.

  4. This is all great, but... by Anonymous Coward · · Score: 0

    Let's just say you could create a *completely secure and anonymous communications network*. Congratulations.

    How is that compatible with the construct of a free and open society based on the rule of law, which has allowances for "search" of a person's private effects?

    1. Re:This is all great, but... by silas_moeckel · · Score: 2

      It's perfectly compatible, search is not supposed to be secret. If they serve you a search warrant for your phone they should be able to go clone it etc and attempt to penetrate the crypto all they want.

      --
      No sir I dont like it.
    2. Re:This is all great, but... by BlueStrat · · Score: 2

      How is that compatible with the construct of a free and open society based on the rule of law, which has allowances for "search" of a person's private effects?

      Short of a Judge's orders in a particular ongoing investigation and/or court case, there is no obligation on the part of citizens to create/store/retrieve their papers/data and effects so as to make a search easier. Or even possible.

      If I and someone else create a language only we understand and converse over the telephone, we are not obligated to teach any TLAs/LEAs that are recording/monitoring how to understand our new language.

      Any such requirement would likely fail court challenges due to its prior-restraint nature.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  5. Bitcoin.... by Anonymous Coward · · Score: 0

    Great, you start by starting off with something designed to be traceable? Clearly it is an art project, not a declassified CIA how-to manual.

    Reminds me of the story of how people learned about DNA testing of saliva on envelopes, started taping them shut instead... and forgot that they left an easily recognizable fingerprint right there for investigators to check.

    1. Re:Bitcoin.... by amxcoder · · Score: 1

      Everyone knows you use a wet sponge to moisten the envelope if you don't want your saliva on it. Or nowadays, you can use peel n' stick envelopes, but have to be careful not to touch the sticky part with your finger. Or you wear latex gloves when creating and sending your "top secret" letters.

  6. avoid the CIA with this one weird trick by turkeydance · · Score: 2

    honeypot.

    1. Re:avoid the CIA with this one weird trick by k3vlar · · Score: 1

      Seducing and blackmailing a hot female enemy agent; I love the honeypot.

      --
      Unlike porn, which yada yada rimshot hey-ooh!
  7. Wow, much Tor, OTP and Faraday's Cage! by krkhan · · Score: 1

    Like all the amazing cryptographic solutions from people whose understanding of security boils down to Tor == anonymous and OTP == tehshitz, the article conveniently glosses over the exchange of OTP key or the Twitter account name.

    Whatever channel is used for agreeing upon those essentials, it will complicate the claim of "hardly any trace that an interaction even happened" quite significantly.

    1. Re:Wow, much Tor, OTP and Faraday's Cage! by psyclone · · Score: 1

      And like one of the consultants in the article said, why not just use GPG on Pastebin?

    2. Re:Wow, much Tor, OTP and Faraday's Cage! by Anonymous Coward · · Score: 0

      It would arouse suspicion. I don't know why they don't just create a Google email account, access it on the burner phone, and create a hidden message inside an innocuous message in the drafts with the phone number encrypted in the characters of said text. Once you're done with the account, change to an easy password and leave the email in public somewhere. Hackers will take over the account in short order. Burn the phone, bury the remains with Shia LaBeouf's career. It will never be found.

  8. We have the technology by camg188 · · Score: 1

    Smartphones are so powerful now that cryptography software hasn't caught up yet. We have the computing power in phones now to do things not possible just a couple years ago. You could do things like real time steganography where the real audio message is hidden inside a fake conversation. The hardware is here, we just need an app for that.

    1. Re:We have the technology by Spy+Handler · · Score: 1

      there's already an app for that.

      You can't find it in Apple or Google stores, though. That would kind of defeat the purpose.

  9. Won't work in many countries by jonwil · · Score: 1

    Here in Australia (and probably in many other countries too) you have to undergo a complete identity check before you are allowed to open a prepaid phone account.

    I am surprised the USA still allows you to obtain a phone number that has absolutely zero records indicating who obtained it. But I suspect companies like TracFone and AT&T that sell a lot of these prepaid phones don't want to have to deal with the ID checks and have been able to lobby the government against them.

    1. Re:Won't work in many countries by Frosty+Piss · · Score: 3, Insightful

      Here in Australia

      I've heard that things like privacy and freedom are hard to come by in Australia.

      --
      If you want news from today, you have to come back tomorrow.
    2. Re:Won't work in many countries by Mullen · · Score: 1

      It would be a nightmare to check IDs for little junk pre-paid phones and SIM cards in the store. No one really cares anyways.

      --
      Linux O Muerte!
    3. Re:Won't work in many countries by GumphMaster · · Score: 1

      Both have become endangered species of late, and our government is treating them with the same dismissive attitude it uses for other endangered species.

      --
      Patent litigation: A doctrine of Mutually Assured Destruction... in which everyone seems willing to push the button
    4. Re:Won't work in many countries by david_bonn · · Score: 1

      It would be a nightmare to check IDs for little junk pre-paid phones and SIM cards in the store. No one really cares anyways.

      Except when some whackjobs blow something up or kill someone and it turns out it was organized with prepaid phones then a lot of people are going to care a lot.

    5. Re:Won't work in many countries by Frosty+Piss · · Score: 1

      That's a shame. Why has the Right Wing been able to take hold there? Do the majority of Australians think that way?

      --
      If you want news from today, you have to come back tomorrow.
    6. Re:Won't work in many countries by swb · · Score: 2

      They're merely reclaiming their heritage as a penal colony.

    7. Re:Won't work in many countries by Anonymous Coward · · Score: 0

      Considering our surveillance apparatus is capable of both tracking the location as well as listening in on the content of calls (not to mention automatically scanning for keywords and other suspicious behavior), I'm not sure an ID check would actually add anything of value whatsoever to the task of preventing such an attack.

      Not that you're wrong that people would care...it's just that people tend to do whatever they're told once they're terrified, regardless of how likely to be helpful it actually is.

      Besides, with encrypted text messaging, phone calls, the ability to do it all over the Internet, and open or easy to break in wifi everywhere (never mind VPNs and other anonymization methods), you'd almost HOPE attackers would be foolish enough to use the far less anonymous burner phones that can at least be listened in on and tracked. The only ones you'd be going after with draconian measures such as Australia has are drug dealers (who increasingly don't care so much about burners anymore anyway) and other small time criminals. Which of course is par for the course in Australia (go after the knife carriers and immigrants, yet let a complete lunatic like Tony Abbott run the country).

    8. Re:Won't work in many countries by PRMan · · Score: 1

      Well of course. If you lived in a country entirely peopled by criminals, you'd think differently about crime... ;)

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    9. Re:Won't work in many countries by amxcoder · · Score: 1

      Not ever having a prepaid phone, but living in the US, I am actually surprised too. Not in a bad way though, I don't think you should have to be identifiable to have a phone and I think it's great if you actually can get an anonymous phone if you desire to. I'm just surprised with all the loss of freedoms we've had in the US in the last decade that you are still allowed to buy a prepaid phone without showing ID and giving a SSN or something because "think of the children".

      Logically, there is no reason to have to provide ID to buy a prepaid cell phone, since it is by nature, prepaid. The only reason why regular cell phones should/need to have an identity attached to them is for billing/contract reasons. Unfortunately recently, the US government and corporations alike seem to think that anonymity is something to be squashed. Either the gov wants your ID associated with everything for NSA and spying reasons, or corporations want your ID tied to everything for tracking/advertising reasons. Between the two of them, there isn't a whole lot you can do to be anonymous anymore.

    10. Re:Won't work in many countries by Anonymous Coward · · Score: 0

      Australia Post sell Visa "gift cards" of varying value. Costs around $5 to purchase the card plus whatever value you're buying. No online registration or ID checks needed. They activate automatically after 24 hours after purchase. Pay in CASH ONLY for the purchase.

      A determined "investigator" could use CCTV from the Aust post store to ID you but otherwise it looks pretty ID-less.

      I will be getting one to use in signing up for a VPN

  10. Two voice prints on a link maketh metadata. by Anonymous Coward · · Score: 0

    If a voice print pair keeps showing up on different phones each time it is going to rapidly get you a lot of attention.

    1. Re:Two voice prints on a link maketh metadata. by Cafe+Alpha · · Score: 1

      I doubt they're that sophisticated yet.

      Maybe one day they'll do that.

    2. Re:Two voice prints on a link maketh metadata. by Anonymous Coward · · Score: 0

      Text to speech. It's a thing; you could do it with something disposable. Like a Dell computer, or Siri.

    3. Re:Two voice prints on a link maketh metadata. by Anonymous Coward · · Score: 0

      They can do it for submarine propellers. Apply machine learning for audio template matching.

      Words like "the" "is" "a" "when" "who" "what" "now" "he" "she" "it" "then" "now" "today" "tomorrow".

      The more common the words the easier it is to build a training set. For the purpose of thresholding: a phone number is of decreasing interest the longer it's been activated and the more phone calls it's made until it hits the "general" pool where time since activation no longer distinguishes it from Aunt Betty.

    4. Re:Two voice prints on a link maketh metadata. by Anonymous Coward · · Score: 0

      Time to bust out voice modulation...

  11. Rite Aid? by drkim · · Score: 1

    You bought the burner @ Rite Aid?
    Now, if they want to backtrack the phone to the POP, they will have lovely, multiple, security videos of your face.

    At least give some random kid $5 bucks to go in the store and buy it for you.
    Sort of the opposite of buying beer when you're a minor...

  12. destroy the cell phone? by Anonymous Coward · · Score: 0

    Wouldn't it be easier to change the SIM card? Destroy the old SIM card instead? Destroying the cell phone seems like a waste. Just delete the incoming call log.

    1. Re:destroy the cell phone? by grcumb · · Score: 1

      Wouldn't it be easier to change the SIM card? Destroy the old SIM card instead? Destroying the cell phone seems like a waste. Just delete the incoming call log.

      Most phones have a unique handset (i.e. hardware) identifier which is accessible during a telephone or internet session. It's in firmware, but you may or may not be able to change it on demand.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    2. Re:destroy the cell phone? by amxcoder · · Score: 2

      Yes, the SIM can be changed, and that will change the phone number, but the phones are encoded with an IMEI number, which is like a serial number unique to each phone. The IMEI number is transmitted to the cell towers and is how the cell providers track what kind of phone you have and other details.

      The Feds have made it a FELONY to change the IMEI number of the phone, so even if you have the expensive equipment to do it, they've made it hard to get and illegal to use. This is how many organized theft rings would wipe a phone, they would change the IMEI number from the stolen phone, to either a generic IMEI number, or a legit IMEI number so the phone can't be de-activated on the cell network.

      The cell phone companies use the IMEI (ESN) number for several purposes, one of them is to flag stolen phones and de-activate them on the cell network. You could change the SIM, but if the IMEI number has been reported stolen, and flagged in the DB, then the phone won't be allowed on the carrier's network. The other use the cell providers use the IMEI number is to know what phone you have. For instance, ATT requires all smart phones to purchase a data plan for it (even if you only wish to use data over wifi). If you activate ANY smart phone on their network, if you don't have a data plan for it, they will detect it and add a data plan to your account. They detect whether it is a smart phone by the IMEI number on the network.

      I looked into this as I wanted to give my teen my old smart phone, but didn't want to put data on the plan for it (just calling+txt). I figured the phone was better than a feature phone, 'cause she could still use it on wifi, plus it holds tons of MP3s and has a nice camera etc. that aren't on feature phones. I looked into the idea of buying a go-phone (so they didn't add data to my plan), and then putting the SIM from the go-phone into my old smart phone to get it cell service. I quickly learned (from reading, not doing), that as soon as the smart phone is seen on the network (regardless of SIM used), they would add data to the plan. Needless to say, she has a go-phone.

  13. Already been done by Anonymous Coward · · Score: 0

    Mexican Drug Cartels apparently have a lot of experience with this
    https://www.google.com/?gws_rd=ssl#q=drug+cartel+cell+phone+network
    But unlike legitimate cell providers (as far as we know), they have to clean up dead bodies and deal with those annoying law enforcement and military interventions.

  14. Straw man? by Anonymous Coward · · Score: 0

    Let us be honest: if the government wants our data, it has ways to do so, from wiretapping to keylogging. However we should really think about protecting ourselves against the megacorporations, who do not have legal powers to know everything about us, and against whom the aforementioned techniques may prove useful. If we deprive them of data, they can't give it to third parties (such as the government), and they have no ways to get our data without our consent...

  15. This is funny ... by michaelamerz · · Score: 1

    ... I have thoroughly enjoyed the article. But to be honest: A burner phone and an untraceable credit card may very well come in handy - if you are planning to move assets overseas to avoid the IRS. I am doing IT security for a living. I don't have the need for new identities or slipping under the radar. I secure my valuable digital assets, I use end-to-end encrypted voice channels, file exchange, emails, chat and messaging if necessary and I have different systems for surfing and working. So - here is my advice: Before searching the "dark" net for a new identity (which might be a CIA?NSA?FBI? honeypot) - use common sense. The government is not out to get you, they are not listening to all your calls and they are not tracking everybody's movements. If you become a target of interest (e.g. by buying fake identities) you probably deserve it. Drive to the nearest truck stop, find a truck that goes north, stick your cell phone into the belly of the truck and go south. Never turn back. Never talk to friends anymore. Just build a new life in the badlands of New Mexico. You may develop a taste for jack rabbits.

  16. Post to .onion site then? by psyclone · · Score: 1

    What if you skipped Pastebin and any other "internet" site and only posted your GPG messages on a .onion site? Then you don't need to use a TOR exit node. For just a few users it might also be suspicious, but hard to track. But if thousands of users were doing it, there could be enough noise to hide in.